GNU bug report logs - #38171
guix lynx can not connect, ArchLinux lynx can, why?

Previous Next

Package: guix;

Reported by: Bengt Richter <bokr <at> bokr.com>

Date: Mon, 11 Nov 2019 21:09:02 UTC

Severity: normal

Done: Clément Lassieur <clement <at> lassieur.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 38171 in the body.
You can then email your comments to 38171 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#38171; Package guix. (Mon, 11 Nov 2019 21:09:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Bengt Richter <bokr <at> bokr.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Mon, 11 Nov 2019 21:09:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Bengt Richter <bokr <at> bokr.com>
To: New-Bug <bug-guix <at> gnu.org>
Subject: guix lynx can not connect, ArchLinux lynx can, why?
Date: Mon, 11 Nov 2019 13:08:33 -0800

Hi Guix,

Sorry about the vterm escapes, but perhaps it's easy to see for someone anyway?

Both lynxes started and both use the same lynx.cfg and lynx.lss in /etc/.
I selected a bookmark link to duckduckgo and /usr/bin/lynx got there, but guix lynx did not.
Either way, I just exited lynx, so make the strace as small as possible.

The first lines from the greps show a TLS difference -- (why? different internal defaults?)
and is that the explanation? Can I fix it with /etc/lynx.cfg?

guix describe:
Generation 22	Nov 08 2019 17:49:27	(current)
  guix be4f2d9
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: be4f2d9451344701599b6dc000c0345ce53b2128

The respective lynxes:
    /gnu/store/7vwm0ly476k7p2spbwxsqr2p7khg69yc-lynx-2.8.9rel.1/bin/lynx:
    ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter
    /gnu/store/h90vnqw0nwd0hhm1l5dgxsdrigddfmq4-glibc-2.28/lib/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, not stripped

    /usr/bin/lynx:
    ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter
    /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=9a1efceaaead8942151b0719125d63cbd4e296cf, stripped

Results:

--8<----(guix lynx)-----------cut here---------------start------------->8---
[12:07 ~/bs]$ egrep -E '(Alert|TLS|HTTP)' lynx-gx.strace
122385 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[44mSecure 256-bit TLS1.3 (ECDHE_RSA_AES_256_GCM_SHA384) HTTP co"..., 91) = 91
122385 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[44mnding HTTP request.\33[K", 42) = 42
122385 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[44mHTTP request sent; w", 40) = 40
122385 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[41mAlert!: Unexpected network read error; connection aborted.\33["..., 81) = 81
122385 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[41mAlert!: Unable to access document.\33[K", 57) = 57
--8<----(guix lynx)-----------cut here---------------end--------------->8---

--8<----(ArchLinux lynx)-----------cut here---------------start------------->8---
[12:07 ~/bs]$ egrep -E '(Alert|TLS|HTTP)' lynx-usr.strace
122308 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[44mSecure 256-bit TLSv1.3 (TLS_AES_256_GCM_SHA384) HTTP connect"..., 86) = 86
122308 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[44mnding HTTP request.", 39) = 39
122308 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[44mHTTP request sent; w", 40) = 40
122308 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[44mHTTP/1.1 302 Moved Temporarily", 50) = 50
122308 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[44mSecure 256-bit TLSv1.3 (TLS_AES_256_GCM_SHA384) HTTP connect"..., 86) = 86
122308 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[44mnding HTTP request.", 39) = 39
122308 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[44mHTTP request sent; w", 40) = 40
122308 write(1</dev/tty3>, "\33[0;10;1m\17\33[33m\33[44mHTTP/1.1 200 OK\33[K", 38) = 38
--8<----(ArchLinux lynx)-----------cut here---------------end--------------->8---

--8<----(strace cmds)-----------cut here---------------start------------->8---
[12:07 ~/bs]$ # above from: strace -s 80 -yfo lynx-gx.strace lynx
[12:15 ~/bs]$ #        and: strace -s 80 -yfo lynx-usr.strace /usr/bin/lynx
--8<----(strace cmds)-----------cut here---------------end--------------->8---

I've got the whole strace logs still, in case you want me to grep out something more.
TIA
-- 
Regards,
Bengt Richter
Information forwarded to bug-guix <at> gnu.org:
bug#38171; Package guix. (Tue, 12 Nov 2019 00:06:02 GMT) Full text and rfc822 format available.

Message #8 received at 38171 <at> debbugs.gnu.org (full text, mbox):

From: clement <at> lassieur.org (Clément Lassieur)
To: Bengt Richter <bokr <at> bokr.com>
Cc: 38171 <at> debbugs.gnu.org
Subject: Re: bug#38171: guix lynx can not connect, ArchLinux lynx can, why?
Date: Tue, 12 Nov 2019 01:05:41 +0100

[Message part 1 (text/plain, inline)]
Hi Bengt,

Thank you for the report!

It seems to be a GnuTLS issue with TLS 1.3 hosts[1].  There is patch
upstream but it hasn't landed in a release yet, so I think it's safer to
switch to OpenSSL.  What do you think?  I attached a patch doing just
that.

Cheers,
Clément

[1]: https://lists.gnu.org/archive/html/lynx-dev/2018-12/msg00009.html


[0001-gnu-lynx-Fix-errors-with-TLS-1.3-hosts.patch (text/x-diff, inline)]
From 83523b25d10f5fc42473dbfb93e5ee3c29e23b88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Lassieur?= <clement <at> lassieur.org>
Date: Tue, 12 Nov 2019 00:38:30 +0100
Subject: [PATCH] gnu: lynx: Fix errors with TLS 1.3 hosts.

Fixes <https://bugs.gnu.org/38171>.
Reported by Bengt Richter <bokr <at> bokr.com>.

See <https://lists.gnu.org/archive/html/lynx-dev/2018-12/msg00009.html>.

* gnu/packages/web-browsers.scm (lynx)[inputs, arguments]: Replace GnuTLS with
OpenSSL.
---
 gnu/packages/web-browsers.scm | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gnu/packages/web-browsers.scm b/gnu/packages/web-browsers.scm
index 1b41aec874..24531623c6 100644
--- a/gnu/packages/web-browsers.scm
+++ b/gnu/packages/web-browsers.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2018 Rutger Helling <rhelling <at> mykolab.com>
 ;;; Copyright © 2018 Timo Eisenmann <eisenmann <at> fn.de>
 ;;; Copyright © 2018 Pierre Neidhardt <mail <at> ambrevar.xyz>
+;;; Copyright © 2019 Clément Lassieur <clement <at> lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -222,7 +223,7 @@ and the GTK+ toolkit.")
                      ("perl" ,perl)))
     (inputs `(("ncurses" ,ncurses)
               ("libidn" ,libidn)
-              ("gnutls" ,gnutls)
+              ("openssl" ,openssl)
               ("libgcrypt" ,libgcrypt)
               ("unzip" ,unzip)
               ("zlib" ,zlib)
@@ -230,12 +231,12 @@ and the GTK+ toolkit.")
               ("bzip2" ,bzip2)))
     (arguments
      `(#:configure-flags
-       (let ((gnutls (assoc-ref %build-inputs "gnutls")))
+       (let ((openssl (assoc-ref %build-inputs "openssl")))
          `("--with-pkg-config"
            "--with-screen=ncurses"
            "--with-zlib"
            "--with-bzlib"
-           ,(string-append "--with-gnutls=" gnutls)
+           ,(string-append "--with-ssl=" openssl)
            ;; "--with-socks5"    ; XXX TODO
            "--enable-widec"
            "--enable-ascii-ctypes"
-- 
2.23.0
Information forwarded to bug-guix <at> gnu.org:
bug#38171; Package guix. (Tue, 12 Nov 2019 17:48:02 GMT) Full text and rfc822 format available.

Message #11 received at 38171 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Clément Lassieur <clement <at> lassieur.org>
Cc: Bengt Richter <bokr <at> bokr.com>, 38171 <at> debbugs.gnu.org
Subject: Re: bug#38171: guix lynx can not connect, ArchLinux lynx can, why?
Date: Tue, 12 Nov 2019 12:47:23 -0500

On Tue, Nov 12, 2019 at 01:05:41AM +0100, Clément Lassieur wrote:
> Hi Bengt,
> 
> Thank you for the report!
> 
> It seems to be a GnuTLS issue with TLS 1.3 hosts[1].  There is patch
> upstream but it hasn't landed in a release yet, so I think it's safer to
> switch to OpenSSL.  What do you think?  I attached a patch doing just
> that.

Can you double-check that the licenses of Lynx and OpenSSL are
compatible for redistribution?
Information forwarded to bug-guix <at> gnu.org:
bug#38171; Package guix. (Tue, 12 Nov 2019 18:24:02 GMT) Full text and rfc822 format available.

Message #14 received at 38171 <at> debbugs.gnu.org (full text, mbox):

From: Clément Lassieur <clement <at> lassieur.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: Bengt Richter <bokr <at> bokr.com>, 38171 <at> debbugs.gnu.org
Subject: Re: bug#38171: guix lynx can not connect, ArchLinux lynx can, why?
Date: Tue, 12 Nov 2019 19:23:15 +0100

Leo Famulari <leo <at> famulari.name> writes:

> Can you double-check that the licenses of Lynx and OpenSSL are
> compatible for redistribution?

https://lynx.invisible-island.net/current/README.ssl says:

--8<---------------cut here---------------start------------->8---
OpenSSL's distribution and use may be restricted by licenses and laws.
For information on obtaining OpenSSL, as well as information on its
distribution, see http://www.openssl.org/
--8<---------------cut here---------------end--------------->8---

and https://www.openssl.org/docs/faq.html says:

--8<---------------cut here---------------start------------->8---
Can I use OpenSSL with GPL software?

On many systems including the major Linux and BSD distributions, yes
(the GPL does not place restrictions on using libraries that are part of
the normal operating system distribution).

On other systems, the situation is less clear. Some GPL software
copyright holders claim that you infringe on their rights if you use
OpenSSL with their software on operating systems that don't normally
include OpenSSL.

If you develop open source software that uses OpenSSL, you may find it
useful to choose an other license than the GPL, or state explicitly that
"This program is released under the GPL with the additional exemption
that compiling, linking, and/or using OpenSSL is allowed." If you are
using GPL software developed by others, you may want to ask the
copyright holder for permission to use their software with OpenSSL.
--8<---------------cut here---------------end--------------->8---

If Guix is one of the major Linux distributions (as I think it is), Lynx
and OpenSSL are compatible as per OpenSSL's site (first paragraph).  In
any case, Lynx's README.ssl makes it clear that they have nothing
against OpenSSL use.  (It even says GnuTLS support is experimental.)
Reply sent to Clément Lassieur <clement <at> lassieur.org>:
You have taken responsibility. (Wed, 13 Nov 2019 17:09:02 GMT) Full text and rfc822 format available.
Notification sent to Bengt Richter <bokr <at> bokr.com>:
bug acknowledged by developer. (Wed, 13 Nov 2019 17:09:02 GMT) Full text and rfc822 format available.

Message #19 received at 38171-done <at> debbugs.gnu.org (full text, mbox):

From: Clément Lassieur <clement <at> lassieur.org>
To: Bengt Richter <bokr <at> bokr.com>
Cc: 38171-done <at> debbugs.gnu.org, Leo Famulari <leo <at> famulari.name>
Subject: Re: bug#38171: guix lynx can not connect, ArchLinux lynx can, why?
Date: Wed, 13 Nov 2019 18:08:43 +0100

Pushed.  Bengt, you can 'guix pull', it should work now :)

Clément
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Thu, 12 Dec 2019 12:24:11 GMT) Full text and rfc822 format available.
This bug report was last modified 4 years and 134 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.